Professional Documents
Culture Documents
Computing Infrastructures To Support Cybersecurity Education
Computing Infrastructures To Support Cybersecurity Education
Computing Infrastructures To Support Cybersecurity Education
EDUCATION
Author Name(s)
Affiliation
Email addresses
(10-point type size, upper and lower case, centered under the title.
These should be left blank in the initial submission!)
For the SEED labs, students downloaded the original VM For the modern malware analysis course, we decided to set
to run on their laptop using VirtualBox. To help integrating up a Windows XP 32-bit virtual machine. However, unlike
lecture materials and lab materials, an additional the Linux system, the Windows system is not free; thus we
component was added to the VM. The students were to cannot distribute this VM to the student. Instead, we
download and install Anaconda inside the VM. Next, they provide a comprehensive list of tools and installers that we
launched a Jupyter server from inside the VM and used throughout the course. All the labs can be done in the
forwarded the port to the host laptop. With the lecture Linux environment by choosing a cross-platform Python
contents and lab activities converted to Python Jupyter library.
notebooks, students could access the lab environment
inside the VM and the lecture materials through a web 5. Teaching Experience, Challenges, and
browser. Student Feedback
Funded by the National Science Foundation in 2014, Since CSC 302 and CSC 495/583 are elective courses,
CloudLab’s goal is to provide researchers with a robust students enrolled in these courses came with different
cloud-based environment for next generation computing technical background. As a result, students’ learning
research [15]. These resources are distributed across experience, challenges, and course feedback varied across
several U.S. institutions. As of August 2018, CloudLab the courses and the sessions.
boasts an impressive collection of hardware. At the Utah
site, there was 785 nodes, including 315 with ARMv8, 270 5.1 Session 1 of CSC 302
with Intel Xeon-D, and 200 with Intel Broadwell. The
compute nodes at Wisconsin included 270 Intel Haswell One of the authors have taught Session 1 of CSC 302 for
nodes with memory ranging between 120GB and 160GB three semesters. The assigning of game enables students to
and 260 Intel Skylake nodes with memory ranging between learn using a project-based learning approach. Recognizing
128GB and 192GB. At Clemson University, there are 100 the fact that many students are not familiar with Linux, the
nodes running Intel Ivy Bridges, 88 nodes running Intel instructor first sent out a survey with Linux and networking
Haswell, and 72 nodes running Intel Skylake. All of related questions and then use the results of the survey to
Clemson's compute nodes have large memory (between divide students into groups with similar aggregated level of
256GB and 384GB), and there are also two additional technical skills. The instructor made sure that at least one
storage-intensive nodes that have a total of 270TB of student is very familiar with Linux and one or two of them
storage available. has/have working knowledge about Linux.
In order to provision resources using CloudLab, a In the first semester, the instructor prepared and taught the
researcher needs to describe the necessary computers, class under an ideal assumption that as long as adequate
network topologies, start-up commands, in a resource directions were provided, students would engage in the
project and learn by themselves. However, it turned out to the time line for their implementation. Finally, the
be not the case. The instructor received feedback for both instructor presented and emphasized the teaching/learning
logistic and technical issues. Logistic issues mainly approach for the class, which required two concurrent
focused on time and collaboration. Although enrolled thrusts on concepts and technology. The lecture time
students in this semester were at junior and senior level, focused on the conceptual parts, which illustrate how to
they complained about not having enough classroom time solve problem. The project and homework were
for the project. This was contradictory to the intention of implementations that use certain technology to solve the
the project, which was to be done after the class in lieu of real problem. Those technologies change all the time, and
homework assignments. Some group also complained students are responsible to this knowledge on their own
about team-members do not show up, etc. with some assistance such as an introduction lecture that
provided during the lecture time. These changes resulted in
They also have more technique issues than expected. One an improved experience for both students and instructor in
of the primary learning activity for students in the first task the following two semesters, although there are still
is to research through different Linux systems, select one, students that ask for systematic instruction on how to do
and following online documentation to install the machine. the lab.
Several groups emailed the instructor to require explicit
instructions regarding the installation of Linux operating Throughout the three semesters, the dedicated on-site local
system. There had also been requests for in-class computers for this session enabled students to have a stable
demonstrations of this process. Similar issues happened computing environment for the course’s projects and
with the installation and configuration of the required assignments. However, working with this infrastructure
services such as SSH, Web, and Email servers. Fluency in encountered several administrative challenges. One
programming techniques, which came from the challenge having to do with reserving the individual
prerequisites, did not translate into experience with system computers within the computer lab. To ensure no external
administration knowledge. For example, students could interference, the instructor isolated the selected computers
quickly create and publish a web page, but not able to setup and placed a semester-long hold on these computers. This
the corresponding web servers. During the intrusion and inadvertently reduced the number of laboratory computers
defend stage of the second and third tasks, the most available to other students. The setting of the room itself
common feedback was that the students could not was also not conducive to team-based activities, as students
understand and find out what type of tools they can use to struggled to find seating space around their team’s
defend and attack. As a result, several teams never computer. In the long term, this represented a scalability
attempted any intrusion, and there was no meaningful issue for increasing the instances of this session for the
intrusion detection and defend. The lack of prior course. Second, even if other students do not use the
experience in Linux was emphasized in many feedback that reserved servers, they may use the Ethernet cables, which
the instructors received. disable students in CSC 302 from remote login.
While the purpose of the sandbox is to promote free 5.2 Session 2 of CSC 302
exploration in order to facilitate attacks and defends, the
feedback highlighted typical students’ hesitation in This session of CSC 302 was taught for the first time in
navigating a fully project-based learning environment and Fall 2018. Learning from the experience in Session 1, the
their preference for step-by-step instructions. Taking this instructor for this session also provided a series of
into account, the instructor adjusted the course’s structure supporting materials that aimed to introduce students to the
to provide students with more gradual support. Linux environment and C programming. Instructions on
setting up the Python’s Anaconda environment, Jupyter
In the subsequent semester, the instructors enacted a server, and port forwarding were provided with the goal to
number of changes to better coordinate the project ease students into working with. While students’ feedback
activities. While the project still pushed students to was positive, interesting technical challenges arose with
research and explore the system and network security, the usage of the SEED VM.
there are more support structures in the materials. First, the
entire game was divided into three complete stages, and The instructors observed that students in the class had
there was one checkpoint for each stage to make sure different personal laptops, many of which were older
everyone got the minimum requirement. Second, the models. As the uncompressed SEED VM required more
instructor provided an initial reference list of intrusion and than 12GB in size, several students struggled to find
defend tools for the students. The list does not include enough disk space to decompress and setup the VM. The
installation, configuration, and usage documentation. As a age of the hard drive also impacted the integrity of the VM,
result, if students decided to follow the list, they will need and throughout the semester, the class encountered
to perform research on how to use them. Furthermore, they instances when the VM file corrupted, resulting in having
can also use this list as a reference point for additional to download and setup the computing environment again.
tools. Third, each group was to submit a game plan to Even with SEED’s consideration regarding the hardware
illustrate the responsibilities for each team members and configuration of the VM (1 core and 1GB of memory),
students experienced lag in working with the VM, support installing and running the local VM software.
particularly for the web security exercises. Students who own Chromebook have to use remote secure
shell to connect to a remote Linux server and setting up
After the first half of the semester working on a local VM, everything by their own. These compatibility issues make
the introduction of the CloudLab-based project was student feel discourage or frustrated and may fall behind.
actually well received by the students. As CloudLab
provided a significantly better hardware performance, 5. Conclusion and Future Work
students were able to smoothly deploy and work on their
individual VM regardless of their individual laptops’ In this work, we highlighted our experience using various
configurations. Near the end of the semester, the instructor computing infrastructures in cybersecurity courses. These
also attempted to introduce two network security exercises infrastructures included on-site local network of
regarding packet sniffing and spoofing. Without having computers, VMs installed on students’ personal laptops,
reserved a prior laboratory, the instructor deployed an and computing environments deployed in the cloud. The
online environment in CloudLab [17]. This environment former two presented various logistical, technical, and
allows the instructor to specify a number of VMs administrative challenges in ensuring a seamless and
corresponding to the number of students, set up and equip transparent hands-on learning environment for students.
the VMs with relevant software packages and source codes Early experience in the last approach using CloudLab, a
for the lectures, and deploy them on CloudLab. The entire national computing infrastructure, was positive and
process took approximately thirty minutes and was done provided indications that cloud computing environments
prior to the start of the class. like CloudLab can provide significant support for teaching
cybersecurity courses.
5.3 CSC 497/583
At the same time, using a cloud-based infrastructure is not
Students came into CSC 497/583 near the end of the without its hurdles. It places a burden on the instructor to
undergraduate career or at the graduate level. Therefore, install, configure, and deploy the environment, with the
issues related to prior experience working with Linux were added caveat of having to learn how to work with a cloud
rare. The instructor for CSC 497/583 observed several provider. CloudLab is a research-based environment, and
advantages and disadvantages in using local VM in this thus is not appropriate for scenarios where a dedicated
course. infrastructure needs to be maintained throughout the
semester. To address these challenges, the authors are
5.3.1 Advantages pursuing future work in preparing cloud profile templates
The use of local VM provided students with a safe, reliable, to help with automated installation and configuration and
and consistent experiment environment. It was easy to use exploring additional resources, including the JetStream
and students did not need to set up the initial Linux Cloud infrastructure inside XSEDE (Extreme Science and
environment by themselves. This was especially important Engineering Discovery Environment) for provisioning
as many tools and libraries in the Linux environment are sustained infrastructure.
not easy to compile and install and require the student to
have some level of debugging skills when facing with 4. Acknowledgements
compiling error. Second, the local VM provided a GUI
interface to the students, thus reducing the learning curve The hands-on project in session 1 of CSC 302 borrows
to the student who is not familiar with command line the game administration plan that was developed for
operation. Third, the local VM is cross-platform, and it the previous graduate security course (CPSC665) in
supports both the Windows and Linux system, which is Computer Science Department at Texas A&M
ideal for studying various binary file structure on the University. Thanks Dr. Udo Pooch and Dr. Bin Lu for
different operating system (e.g., PE and ELF format). Last their generous help in the development of this game.
but not least, the VM software provided snapshots which They will be always remembered.
guarantee to revert the VM to an earlier state completely.
This feature is extremely useful for the student who studied
the malware analysis course.
References:
5.3.2 Disadvantages [1] Paulsen, C., McDuffie, E., Newhouse, W., & Toth, P.
First, some students have faced compatibility issues when (2012). NICE: Creating a Cybersecurity Workforce and
installing and using the local VM. Si found that some Aware Public. IEEE Security & Privacy, 10(3), 76-79.
laptop does not enable the VT-D feature in their BIOS [2] Sobiesk, E., Blair, J., Conti, G., Lanham, M., & Taylor,
settings by default and therefore cannot boot up the VM H., Cyber education: a multi-level, multi-discipline
image. Moreover, some laptop with NVidia graphics card approach. Proc. 16th ACM Annual Conference on
and runs Linux Mint system needs to manually disable Information Technology Education, Chicago, IL, 2015, 3-
secure boot to install VM software (e.g., VirtualBox). 47.
Second, the Chromebook operating system does not
[3] McDuffie, E. L., & Piotrowski, V. P., The future of
cybersecurity education. IEEE Computer, 47(8), 2014, 67-
69.
[4] DHS Task Force on CyberSkills, CyberSkills Task
Force Report, D.o.H. Security, Editor. Washington, DC,
2012, 1-41.
[5] Conklin, W. A., Cline, R. E., & Roosa, T., Re-
engineering cybersecurity education in the US: an analysis
of the critical factors. Proc. 47th IEEE International
Conference on System Sciences (HICSS), Big Island, HI,
2014, 2006-2014.
[6] Weiss, R., Mache, J., & Nilsen, E., Top 10 hands-on
cybersecurity exercises. Journal of Computing Sciences in
Colleges, 29(1), 2013, 140-147.
[7] Brustoloni, J. C., Laboratory experiments for network
security instruction. Journal on Educational Resources in
Computing (ACM Transactions on Computing Education),
6(4), 2006, 5.
[8] Abler, R. T., Contis, D., Grizzard, J. B., & Owen, H. L.,
Georgia tech information security center hands-on network
security laboratory. IEEE Transactions on Education,
49(1), 2006, 82-87.
[9] Bullers Jr, W. I., Burd, S., & Seazzu, A. F., Virtual
machines-an idea whose time has returned: application to
network, security, and database courses. ACM SIGCSE
Bulletin 38(1), 2006, 102-106.
[10] Du, W., SEED: hands-on lab exercises for computer
security education. IEEE Security & Privacy, 9(5), 2011,
70-73.
[11] Stoller, M. H. R. R. L., Duerig, J., Guruprasad, S.,
Stack, T., Webb, K., & Lepreau, J., Large-scale
virtualization in the emulab network testbed. Procs
USENIX Annual Technical Conference, Boston, MA,
2008.
[12] Mirkovic, J., & Benzel, T., Teaching cybersecurity
with DeterLab. IEEE Security & Privacy, 10(1), 2012, 73-
76.
[13] Salah, K., Hammoud, M., & Zeadally, S. Teaching
cybersecurity using the cloud. IEEE Transactions on
Learning Technologies, 8(4), 2015, 383-392.
[14] Park, Y., Hu, H., Yuan, X., & Li, H. Enhancing
Security Education Through Designing SDN Security Labs
in CloudLab. Procs 49th ACM Technical Symposium on
Computer Science Education, Baltimore, MD, 2018, 185-
190.
[15] Ricci, R., Eide, E., & CloudLab Team, Introducing
CloudLab: Scientific infrastructure for advancing cloud
architectures and applications. ; login:: the magazine of
USENIX & SAGE, 39(6), 2014, 36-38.
[16] Watson, J., Virtualbox: bits and bytes masquerading
as machines. Linux Journal, 2008(166), 2008, 1.
[17] Ngo, L., SEEDCloud.
https://github.com/linhbngo/SEEDCloud, 2019.
[18] Towns, J., Cockerill, T., Dahan, M., Foster, I., Gaither,
K., Grimshaw, Hazlewood, V., Lathrop, S., Lifka, D.,
Peterson, G.D., & Roskies, R. XSEDE: accelerating
scientific discovery. Computing in Science & Engineering,
16(5), 2014, 62-74.